End-to-end encryption is a well-understood concept. What's less often discussed is the assumption that underpins all of it: that the public key you receive for your intended recipient actually belongs to them. If that assumption is wrong — if the server has substituted a different public key — the encryption is intact but aimed at the wrong recipient. Your message is unreadable by anyone except the key holder, and the key holder is not who you think it is. This attack is called a man-in-the-middle on the key exchange, and it's the structural vulnerability that key transparency is designed to close. The attack doesn't require breaking any cryptography. It requires only that the service operator control the key distribution mechanism — which, in centralized messaging systems, they always do. ## The Key Exchange Problem In a typical E2E encrypted messaging system, Alice wants to send Bob a message. Alice's client asks the server for Bob's public key. The server returns a key.…